Revised and Updated Policies 2023 

The Washington University in St. Louis Office of Information Security supports education, research, and clinical care by protecting systems and data for everyone at our institution. Information security is essential to every member of our community, and we all share personal responsibility for ensuring the security of our systems. We continuously improve our systems and strategies to meet our diverse users’ needs. 

We regularly review and update our policies to adapt to changes in the information security landscape. In addition to continuously monitoring our information systems’ health and periodically reviewing our policies, we engage in direct outreach with our campus throughout October by participating in Cybersecurity Awareness Month. Throughout the month, we offer events, activities, and resources to help our users keep themselves, their data, and our institution secure. 

Please visit us at for more information about Cybersecurity Awareness Month. 

Below is a list and brief description of our new and existing policies. The full text of these and other policies are available at Policies

  • Vulnerability Management Policy 
    • This policy describes how the WashU Office of Information Security will identify and resolve information technology flaws and vulnerabilities by conducting periodic scans of systems owned and managed by WashU.
  • Computer Use Policy 
    • This policy protects the availability, integrity, and confidentiality of WashU information systems themselves. The policy includes specific information about computer use, data privacy, credentials and authentication, accessing WashU secure systems, the use of personal devices, and the misuse of resources. Additionally, this policy outlines WashU’s rights regarding computer use, including regulating access to systems, monitoring, enforcing security controls, reporting, investigating policy violations, and imposing sanctions for violations.
  • New Policy Page
    • With the new design of our Policies page, visitors can conveniently locate, search for, and preview our office’s policies, standards, and guidelines. Along with a contemporary design, the three terms each include a brief definition. Understanding their differences can prevent confusion and help you find the information you need to conduct your work securely. 

To contact the Office of Information Security about our policies or other issues, please email or call us at 314-747-2955. To make an anonymous report to the Washington University Compliance Office, please email or call 314-362-4954. 

Please visit for more information about our office.